<?php
session_start();
mysql_connect("localhost", "sapmenet_admin", "a1s2d3f4g5h6j7") or die ("Problem with datebase");
mysql_select_db("sapmenet_users");
$picID=$_POST['PicID'];
$text=$_POST['text'];
$text=htmlspecialchars($text);
$text=mysql_real_escape_string($text);
mysql_query("INSERT INTO comments (userID, picId, text) VALUES ('".$_SESSION['JID']."','".$picID."','".$text."')");
if ($_SESSION['id']!=$_SESSION['JID'])
{
	$name=mysql_query("SELECT concat (FirstName, ' ', LastName) AS fullName FROM users WHERE id={$_SESSION['JID']}");
	$name=mysql_result($name, 0);
	$text="<a href=http://sapme.net/Framework/profilePage.php?id=".$_SESSION['JID'].">".$name."</a><span id=".$picID." class=snimka> commented your picture.</span>";
	mysql_query("INSERT INTO notifications (IDsnimka, text, userID) VALUES ({$picID}, '".$text."', {$_SESSION['id']})");
}
?>